HTTP Headers report for marshall.com

Header Name	Header Data
HTTP status code	200
Date	Wed, 16 Apr 2025 22:40:07 GMT
X-Amz-Cf-Pop	AMS1-P3
X-Amzn-Trace-Id	Root=1-6800307d-16c64aa725059d7448c783bb;Parent=0ecf022b8b8dc9a1;Sampled=0;Lineage=1:4e265633:0
X-Dns-Prefetch-Control	off
X-Xss-Protection	0
X-Cache	Hit from cloudfront
Server	cloudflare
Connection	keep-alive
Content-Security-Policy	img-src 'self' .commercecloud.salesforce.com .mobify-storefront.com data: .doubleclick.net .google.se .google.com .collect.igodigital.com ct.pinterest.com ib.adnxs.com images.ctfassets.net .images.ctfassets.net p.yotpo.com zoundindustries--int.sandbox.my.site.com zoundindustries.my.salesforce.com zoundindustries.my.site.com yotpo-editor-production.s3.amazonaws.com marshallheadphones-development.improove.tv marshallheadphones-ondemand02.improove.tv .gstatic.com .analytics.google.com .google-analytics.com www.google.com maps.googleapis.com maps.google.com .staging-marshall.com .qa-marshall.com .marshall.com i.ytimg.com i.vimeocdn.com .facebook.com www.mczbf.com .hotjar.com idsync.rlcdn.com ade.googlesyndication.com services.sheerid.com .usercentrics.eu api.usercentrics.eu app.usercentrics.eu;media-src assets.ctfassets.net .assets.ctfassets.net .akamaized.net player.vimeo.com .vimeocdn.com download-video-ak.vimeocdn.com .usercentrics.eu api.usercentrics.eu app.usercentrics.eu;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'self' blob: storage.googleapis.com www.googletagmanager.com action.dstillery.com s.pinimg.com connect.facebook.net acdn.adnxs.com static.hotjar.com 100016846.collect.igodigital.com js.adsrvr.org analytics.tiktok.com www.google-analytics.com action.media6degrees.com .pingdom.net api.cquotient.com staticw2.yotpo.com widgetsrepository.yotpo.com cdn-widgetsrepository.yotpo.com maps.googleapis.com player.vimeo.com .youtube.com/ .youtube-nocookie.com/ .my.salesforce.com service.force.com .salesforceliveagent.com .my.site.com static.lightning.force.com www.google.com www.gstatic.com zoundindustries.my.site.com zoundindustries--int.sandbox.my.site.com connect.facebook.net www.mczbf.com .hotjar.com cdn.jsdelivr.net js.klarna.com static.redeal.se static.onsite.voyado.com .usercentrics.eu api.usercentrics.eu app.usercentrics.eu track.marshall.com api.onsite;script-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https: staticw2.yotpo.com .hotjar.com cdn.jsdelivr.net .usercentrics.eu api.usercentrics.eu app.usercentrics.eu;connect-src 'self' api.cquotient.com .doubleclick.net .analytics.google.com analytics.google.com .google-analytics.com www.google-analytics.com analytics.tiktok.com ct.pinterest.com .pingdom.net preview.contentful.com cdn.contentful.com staticw2.yotpo.com api.yotpo.com maps.googleapis.com privacyportal.cookiepro.com geolocation.onetrust.com webto.salesforce.com test.salesforce.com .my.site.com zoundindustries.my.site.com vimeo.com/ .googlesyndication.com www.google.com server-side-tagging-iglp74couq-uc.a.run.app/ zoundindustries--int.sandbox.my.site.com .hotjar.com .hotjar.io connect.facebook.net .facebook.com www.mczbf.com wss://.hotjar.com .eu.klarnaevt.com js.klarna.com/ .voyado.com .usercentrics.eu api.usercentrics.eu app.usercentrics.eu track.marshall.com;frame-src 'self' .doubleclick.net insight.adsrvr.org ct.pinterest.com/ player.vimeo.com/ .youtube.com/ .youtube-nocookie.com/ .spotify.com/ .my.salesforce.com www.google.com www.googletagmanager.com .facebook.com zoundindustries--int.sandbox.my.site.com zoundindustries.my.site.com services.sheerid.com js.klarna.com/ https://osm.klarnaservices.com/learn-more/index.html marshall-prod.sitestorage.se static.onsite.voyado.com .usercentrics.eu api.usercentrics.eu app.usercentrics.eu track.marshall.com;frame-ancestors *.contentful.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none'
X-Amz-Apigw-Id	JIyDnFF2FiAEV9g=
Cache-Control	max-age=900, stale-while-revalidate=86400
X-Amzn-Remapped-Date	Wed, 16 Apr 2025 22:34:37 GMT
Cf-Cache-Status	DYNAMIC
Cf-Ray	93172ebc09f0ad9f-AMS
X-Permitted-Cross-Domain-Policies	none
X-Download-Options	noopen
Vary	Accept-Encoding
X-Amz-Cf-Id	6i28jwVzJ8kJa9FoeuExG3hIHUb-0i4d8jR61G8REeKTLfdUSEQARg==
Age	330
Content-Security-Policy-Report-Only	script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Q4qvMfJX4pDpMFbTjAhql5fao3gVo8rNFm7va1PMU8c-1744843207-1.0.1.1-eSxdO7b6GmRoTE.066iPbbobjb2sVUEuucjJmMTxRv9hvww6EuhRwNgQLkGz6tMijB50Qhv8NlGmxaTHWbZPE.RzPRS0ISuXwijzaadz9_EesVTl_rWi.Zi11O9HHseSLaMSz2zrCSDLo9I4iT3NSbpJBvXfTKiDfBvYm1TTQgA; report-to cf-csp-endpoint
X-Amzn-Remapped-Connection	close
X-Content-Type-Options	nosniff
Etag	W/"da13c-qiYxwIZl0uLA8Jz8vq7oYcPQsXw"
X-Amzn-Requestid	ca968ff3-637f-4e56-9f59-2dc50f8e9d97
Via	1.1 cec0e64209a322f193c5e90a44c7fc7e.cloudfront.net (CloudFront)
Report-To	{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Q4qvMfJX4pDpMFbTjAhql5fao3gVo8rNFm7va1PMU8c-1744843207-1.0.1.1-eSxdO7b6GmRoTE.066iPbbobjb2sVUEuucjJmMTxRv9hvww6EuhRwNgQLkGz6tMijB50Qhv8NlGmxaTHWbZPE.RzPRS0ISuXwijzaadz9_EesVTl_rWi.Zi11O9HHseSLaMSz2zrCSDLo9I4iT3NSbpJBvXfTKiDfBvYm1TTQgA"}],"group":"cf-csp-endpoint","max_age":86400}
Content-Type	text/html; charset=utf-8
Referrer-Policy	no-referrer
Expect-Ct	max-age=0
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Amzn-Remapped-Content-Length	893244

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar